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1. A method for digital content access control, comprising: 

receiving a rights locker enrollment request from a user device associated with a 
user, said rights locker enrollment request comprising a digital content request 
and enrollment authentication data; 
determining whether said user is authorized, said determining comprising 

determining the rights of said user to access said rights locker and the rights of 
said user to digital content specified by said digital content request; and 
if said user is authorized, 

initializing said rights locker with rights to said digital content; 
if a first token used to create said authenticated rights locker access request has 
been fully redeemed, obtaining a new token that authenticates future access 
to a rights locker corresponding to said digital content; 
creating an authenticated rights locker access request based at least in part on 

said new token; and 
sending said authenticated rights locker access request. 

2. The method of claim 1 wherein said digital content request comprises a request for 
initializing said rights locker with rights to specified digital content. 

3. The method of claim 1 wherein said enrollment authentication data comprises: 
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rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 

has to digital content associated with said rights locker. 

4. The method of claim 3 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 

5. The method of claim 3 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

6. The method of claim 1 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 

7. The method of claim 1 wherein said determining comprises determining whether 
said user is entitled to become an enrolled user based at least in part on whether 
payment for use of the rights locker service succeeds. 

8. The method of claim 1 wherein said determining comprises determining whether an 
enrolled user is entitled to populate said rights locker with rights to said digital 
content based at least in part on whether payment for said rights succeeds. 
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9. The method of claim 1 wherein said new token is for storage in a bookmark on said 
user device. 

10. The method of claim 1 wherein said sending further comprises embedding said 
authenticated rights locker access request in a Web cookie before said sending. 

11. The method of claim 1 wherein said sending further comprises encapsulating said 
authenticated rights locker access request in an HTTP Response message before said 
sending. 

12. A method for digital content access control, comprising: 

receiving a first authenticated rights locker access request and a digital content 
specification; 

validating said first authenticated rights locker access request; 

if said validating indicates said first authenticated rights locker access request is 

valid, 

creating an authenticated digital content request for use in accessing digital 

content stored by a digital content repository; 
if a first token used to create said authenticated rights locker access request has 

been fully redeemed, obtaining a new token that authenticates future access 

to a rights locker corresponding to said digital content; 
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creating a new authenticated rights locker access request based at least in part on 

said new token; and 
sending said authenticated digital content request and said new authenticated 

rights locker access request. 

13. The method of claim 12 wherein said receiving further comprises receiving one or 
more delivery parameters, said one or more delivery parameters indicating where 
said digital content should be sent, a delivery mechanism, or both. 

14. The method of claim 12 wherein said new token is for storage in a bookmark on a 
user device. 

15. The method of claim 12, further comprising embedding said authenticated rights 
locker access request in a Web cookie before said sending. 

16. The method of claim 12, further comprising encapsulating said authenticated rights 
locker access request in an HTTP Response message before said sending. 

17. A method for digital content access control, comprising: 

receiving a first authenticated rights locker access request and a digital content 
specification; 

validating said first authenticated rights locker access request; 
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if said validating indicates said first authenticated rights locker access request is 
valid, 

creating an authenticated digital content request for use in accessing digital 

content stored by a digital content repository; 
sending said authenticated digital content request to a digital content 

repository; 

if a first token used to create said authenticated rights locker access request 
has been fully redeemed, obtaining a new token that authenticates future 
access to a rights locker corresponding to said digital content; 

creating a new authenticated rights locker access request based at least in part 
on said new token; and 

sending said authenticated digital content request and said new authenticated 
rights locker access request. 

18. The method of claim 17 wherein said receiving further comprises receiving one or 
more delivery parameters, said one or more delivery parameters indicating where 
said digital content should be sent, a delivery mechanism, or both. 

19. The method of claim 17 wherein said new token is for storage in a bookmark on a 
user device. 

20. The method of claim 17, further comprising embedding said authenticated rights 
locker access request in a Web cookie before said sending. 
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21. The method of claim 17, further comprising encapsulating said authenticated rights 
locker access request in an HTTP Response message before said sending. 

22. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method for digital content 
access control, the method comprising: 

receiving a rights locker enrollment request from a user device associated with a 
user, said rights locker enrollment request comprising a digital content request 
and enrollment authentication data; 
determining whether said user is authorized, said determining comprising 

determining the rights of said user to access said rights locker and the rights of 
said user to digital content specified by said digital content request; and 
if said user is authorized, 

initializing said rights locker with rights to said digital content; 
if a first token used to create said authenticated rights locker access request has 
been fully redeemed, obtaining a new token that authenticates future access 
to a rights locker corresponding to said digital content; 
creating an authenticated rights locker access request based at least in part on 

said new token; and 
sending said authenticated rights locker access request. 
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23. The program storage device of claim 22 wherein said digital content request 
comprises a request for initializing said rights locker with rights to specified digital 
content. 

24. The program storage device of claim 22 wherein said enrollment authentication data 
comprises: 

rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 

has to digital content associated with said rights locker. 

25. The program storage device of claim 24 wherein said rights locker access 
authentication data comprises payment for use of a rights locker service. 

26. The program storage device of claim 24 wherein said rights content access 
authentication data comprises payment for rights deposited in said rights locker. 

27. The program storage device of claim 22 wherein said enrollment authentication data 
comprises a reenrollment key determined in a previous enrollment request for said 
rights locker, said reenrollment key for supplementing or replacing enrollment 
authentication data of said previous enrollment request. 



126 



EV 263 600 973 Docket No. SUN-P8726 

28. The program storage device of claim 22 wherein said determining comprises 
determining whether said user is entitled to become an enrolled user based at least in 
part on whether payment for use of the rights locker service succeeds. 

29. The program storage device of claim 22 wherein said determining comprises 
determining whether an enrolled user is entitled to populate said rights locker with 
rights to said digital content based at least in part on whether payment for said rights 
succeeds. 

30. The program storage device of claim 22 wherein said new token is for storage in a 
bookmark on said user device. 

31. The program storage device of claim 22, said method further comprising embedding 
said authenticated rights locker access request in a Web cookie before said sending. 

32. The program storage device of claim 22, said method further comprising 
encapsulating said authenticated rights locker access request in an HTTP Response 
message before said sending. 

33. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method for digital content 
access control, the method comprising: 
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receiving a first authenticated rights locker access request and a digital content 
specification; 

validating said first authenticated rights locker access request; 

if said validating indicates said first authenticated rights locker access request is 

valid, 

creating an authenticated digital content request for use in accessing digital 

content stored by a digital content repository; 
if a first token used to create said authenticated rights locker access request has 

been fully redeemed, obtaining a new token that authenticates future access 

to a rights locker corresponding to said digital content; 
creating a new authenticated rights locker access request based at least in part on 

said new token; and 
sending said authenticated digital content request and said new authenticated 

rights locker access request. 

34. The program storage device of claim 33 wherein said receiving further comprises 
receiving one or more delivery parameters, said one or more delivery parameters 
indicating where said digital content should be sent, a delivery mechanism, or both. 

35. The program storage device of claim 33 wherein said new token is for storage in a 
bookmark on a user device. 
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36. The program storage device of claim 33, said method further comprising embedding 
said authenticated rights locker access request in a Web cookie before said sending. 

37. The program storage device of claim 33, said method further comprising 
encapsulating said authenticated rights locker access request in an HTTP Response 
message before said sending. 

38. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method for digital content 
access control, the method comprising: 

receiving a first authenticated rights locker access request and a digital content 
specification; 

validating said first authenticated rights locker access request; 

if said validating indicates said first authenticated rights locker access request is 
valid, 

creating an authenticated digital content request for use in accessing digital 

content stored by a digital content repository; 
sending said authenticated digital content request to a digital content 

repository; 

if a first token used to create said authenticated rights locker access request 
has been fully redeemed, obtaining a new token that authenticates future 
access to a rights locker corresponding to said digital content; 
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creating a new authenticated rights locker access request based at least in part 

on said new token; and 
sending said authenticated digital content request and said new authenticated 

rights locker access request. 

39. The program storage device of claim 38 wherein said receiving further comprises 
receiving one or more delivery parameters, said one or more delivery parameters 
indicating where said digital content should be sent, a delivery mechanism, or both. 

40. The program storage device of claim 38 wherein said new token is for storage in a 
bookmark on a user device. 

41. The program storage device of claim 38, said method further comprising embedding 
said authenticated rights locker access request in a Web cookie before said sending. 

42. The program storage device of claim 38, said method further comprising 
encapsulating said authenticated rights locker access request in an HTTP Response 
message before said sending. 

43. An apparatus for digital content access control, comprising: 

means for receiving a rights locker enrollment request from a user device associated 
with a user, said rights locker enrollment request comprising a digital content 
request and enrollment authentication data; 
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means for determining whether said user is authorized, said determining comprising 
determining the rights of said user to access said rights locker and the rights of 
said user to digital content specified by said digital content request; and 
means for if said user is authorized, 

initializing said rights locker with rights to said digital content; 

if a first token used to create said authenticated rights locker access request has 

been fully redeemed, obtaining a new token that authenticates future access 

to a rights locker corresponding to said digital content; 
creating an authenticated rights locker access request based at least in part on 

said new token; and 
sending said authenticated rights locker access request. 

44. The apparatus of claim 43 wherein said digital content request comprises a request 
for initializing said rights locker with rights to specified digital content. 

45. The apparatus of claim 43 wherein said enrollment authentication data comprises: 
rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 
has to digital content associated with said rights locker. 

46. The apparatus of claim 45 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 
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47. The apparatus of claim 45 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

48. The apparatus of claim 43 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 

49. The apparatus of claim 43 wherein said means for determining comprises means for 
determining whether said user is entitled to become an enrolled user based at least in 
part on whether payment for use of the rights locker service succeeds. 

50. The apparatus of claim 43 wherein said means for determining comprises means for 
determining whether an enrolled user is entitled to populate said rights locker with 
rights to said digital content based at least in part on whether payment for said rights 
succeeds. 

51. The apparatus of claim 43 wherein said new token is for storage in a bookmark on 
said user device. 

52. The apparatus of claim 43, further comprising means for embedding said 
authenticated rights locker access request in a Web cookie before said sending. 
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53. The apparatus of claim 43, further comprising mans for encapsulating said 
authenticated rights locker access request in an HTTP Response message before said 
sending. 

54. An apparatus for digital content access control, comprising: 

means for receiving a first authenticated rights locker access request and a digital 

content specification; 
means for validating said first authenticated rights locker access request; 
means for if said validating indicates said first authenticated rights locker access 

request is valid, 

creating an authenticated digital content request for use in accessing digital 

content stored by a digital content repository; 
if a first token used to create said authenticated rights locker access request has 

been fully redeemed, obtaining a new token that authenticates future access 

to a rights locker corresponding to said digital content; 
creating a new authenticated rights locker access request based at least in part on 

said new token; and 
sending said authenticated digital content request and said new authenticated 

rights locker access request. 
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55. The apparatus of claim 54 wherein said means for receiving further comprises means 
for receiving one or more delivery parameters, said one or more delivery parameters 
indicating where said digital content should be sent, a delivery mechanism, or both. 

56. The apparatus of claim 54 wherein said new token is for storage in a bookmark on a 
user device. 

57. The apparatus of claim 54, further comprising means for embedding said 
authenticated rights locker access request in a Web cookie before said sending. 

58. The apparatus of claim 54, further comprising means for encapsulating said 
authenticated rights locker access request in an HTTP Response message before said 
sending. 

59. An apparatus for digital content access control, comprising: 

means for receiving a first authenticated rights locker access request and a digital 

content specification; 
means for validating said first authenticated rights locker access request; 
means for if said validating indicates said first authenticated rights locker access 
request is valid, 

creating an authenticated digital content request for use in accessing digital 

content stored by a digital content repository; 
sending said authenticated digital content request to a digital content repository; 
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if a first token used to create said authenticated rights locker access request has 

been fully redeemed, obtaining a new token that authenticates future access 

to a rights locker corresponding to said digital content; 
creating a new authenticated rights locker access request based at least in part on 

said new token; and 
sending said authenticated digital content request and said new authenticated 

rights locker access request. 

60. The apparatus of claim 59 wherein said means for receiving further comprises means 
for receiving one or more delivery parameters, said one or more delivery parameters 
indicating where said digital content should be sent, a delivery mechanism, or both. 

61. The apparatus of claim 59 wherein said new token is for storage in a bookmark on a 
user device. 

62. The apparatus of claim 59, further comprising means for embedding said 
authenticated rights locker access request in a Web cookie before said sending. 

63. The apparatus of claim 59, further comprising means for encapsulating said 
authenticated rights locker access request in an HTTP Response message before said 
sending. 

64. An apparatus for digital content access control, comprising: 
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a memory for storing one or more rights lockers that describe digital content access 

rights; and 
a processor configured to: 

receive a rights locker enrollment request from a user device associated with a 
user, said rights locker enrollment request comprising a digital content 
request and enrollment authentication data; 
determine whether said user is authorized, said determining comprising 

determining the rights of said user to access said rights locker and the rights 
of said user to digital content specified by said digital content request; and 
if said user is authorized, 

initialize said rights locker with rights to said digital content; 
if a first token used to create said authenticated rights locker access request 
has been fully redeemed, obtain a new token that authenticates future 
access to a rights locker corresponding to said digital content; 
create an authenticated rights locker access request based at least in part on 

said new token; and 
send said authenticated rights locker access request. 

65. The apparatus of claim 64 wherein said digital content request comprises a request 
for initializing said rights locker with rights to specified digital content. 

66. The apparatus of claim 64 wherein said enrollment authentication data comprises: 
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rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 

has to digital content associated with said rights locker. 

67. The apparatus of claim 66 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 

68. The apparatus of claim 66 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

69. The apparatus of claim 66 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 

70. The apparatus of claim 64 wherein said determining comprises determining whether 
said user is entitled to become an enrolled user based at least in part on whether 
payment for use of the rights locker service succeeds. 

71. The apparatus of claim 64 wherein said determining comprises determining whether 
an enrolled user is entitled to populate said rights locker with rights to said digital 
content based at least in part on whether payment for said rights succeeds. 
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72. The apparatus of claim 64 wherein said new token is for storage in a bookmark on 
said user device. 

73. The apparatus of claim 64 wherein said processor is further configured to embed said 
authenticated rights locker access request in a Web cookie before said sending. 

74. The apparatus of claim 64 wherein said processor is further configured to 
encapsulate said authenticated rights locker access request in an HTTP Response 
message before said sending. 

75. An apparatus for digital content access control, comprising: 

a memory for storing one or more rights lockers that describe digital content access 

rights; and 
a processor configured to: 

receive a first authenticated rights locker access request and a digital content 
specification; 

validate said first authenticated rights locker access request; 

if said validation indicates said first authenticated rights locker access request is 

valid, 

create an authenticated digital content request for use in accessing digital 
content stored by a digital content repository; 
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if a first token used to create said authenticated rights locker access request has 

been fully redeemed, obtain a new token that authenticates future access to 

a rights locker corresponding to said digital content; 
create a new authenticated rights locker access request based at least in part on 

said new token; and 
send said authenticated digital content request and said new authenticated 

rights locker access request. 

76. The apparatus of claim 75 wherein said apparatus is further configured to receive one 
or more delivery parameters, said one or more delivery parameters indicating where 
said digital content should be sent, a delivery mechanism, or both. 

77. The apparatus of claim 75 wherein said new token is for storage in a bookmark on a 
user device. 

78. The apparatus of claim 75 wherein said processor is further configured to embed said 
authenticated rights locker access request in a Web cookie before said sending. 

79. The apparatus of claim 75 wherein said processor is further configured to 
encapsulate said authenticated rights locker access request in an HTTP Response 
message before said sending. 

80. An apparatus for digital content access control, comprising: 
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a memory for storing one or more rights lockers that describe digital content access 

rights; and 
a processor configured to: 

receive a first authenticated rights locker access request and a digital content 
specification; 

validate said first authenticated rights locker access request; 

if said validation indicates said first authenticated rights locker access request is 

valid, 

create an authenticated digital content request for use in accessing digital 

content stored by a digital content repository; 
send said authenticated digital content request to a digital content 

repository; 

if a first token used to create said authenticated rights locker access 

request has been fully redeemed, obtain a new token that authenticates 
future access to a rights locker corresponding to said digital content; 

create a new authenticated rights locker access request based at least in 
part on said new token; and 

send said authenticated digital content request and said new authenticated 
rights locker access request. 



81. The apparatus of claim 80 wherein said apparatus is further configured to receive one 
or more delivery parameters, said one or more delivery parameters indicating where 
said digital content should be sent, a delivery mechanism, or both. 
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82. The apparatus of claim 80 wherein said new token is for storage in a bookmark on a 
user device. 

83. The apparatus of claim 80 wherein said processor is further configured to embed said 
authenticated rights locker access request in a Web cookie before said sending. 

84. The apparatus of claim 80 wherein said processor is further configured to 
encapsulate said authenticated rights locker access request in an HTTP Response 
message before said sending. 

85. A memory for storing data for access by an application program being executed on a 
data processing system, comprising: 

a data structure stored in said memory, said data structure including information used 
by said program to control access to digital content, said data structure 
comprising a user ID table comprising one or more elements, said one or more 
elements comprising a user ID and a reference to one or more rights lockers 
associated with said user ID, said one or more rights lockers describing a user's 
access rights for digital content associated with said rights locker. 

86. The memory of claim 85, said data structure further comprising a reenrollment key 
for use in identifying a user in a future enrollment request for a rights locker, said 
reenrollment key supplied in a previous enrollment request. 
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87. A memory for storing data for access by an application program being executed on a 
data processing system, comprising: 

a data structure stored in said memory, said data structure including information used 
by said program to control access to digital content, said data structure 
comprising one or more rights lockers comprising one or more entries defining a 
digital content access rights description, said one or more entries comprising one 
or more access token or tokenized URL. 

88. The memory of claim 87 wherein a maximum number of said rights lockers per user 
is based at least in part on a commercial relationship between said user and a rights 
locker provider. 

89. The memory of claim 88 wherein a first one or more rights lockers per user are 
allocated for personal use and a second one or more rights lockers per user are 
allocated for work-related use. 

90. The memory of claim 87, said one or more entries further comprising a rights 
description that describes the right indicated by said rights indicator. 
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